From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49704)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1UzWSo-00075u-8W
	for qemu-devel@nongnu.org; Wed, 17 Jul 2013 14:28:35 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1UzWSn-0001r6-4u
	for qemu-devel@nongnu.org; Wed, 17 Jul 2013 14:28:34 -0400
Received: from e38.co.us.ibm.com ([32.97.110.159]:46426)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1UzWSm-0001r2-VR
	for qemu-devel@nongnu.org; Wed, 17 Jul 2013 14:28:33 -0400
Received: from /spool/local
	by e38.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <aliguori@us.ibm.com>;
	Wed, 17 Jul 2013 12:28:31 -0600
Received: from d03relay05.boulder.ibm.com (d03relay05.boulder.ibm.com
	[9.17.195.107])
	by d03dlp02.boulder.ibm.com (Postfix) with ESMTP id BE7CE3E40074
	for <qemu-devel@nongnu.org>; Wed, 17 Jul 2013 12:27:59 -0600 (MDT)
Received: from d03av06.boulder.ibm.com (d03av06.boulder.ibm.com [9.17.195.245])
	by d03relay05.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	r6HISKKx142758
	for <qemu-devel@nongnu.org>; Wed, 17 Jul 2013 12:28:20 -0600
Received: from d03av06.boulder.ibm.com (loopback [127.0.0.1])
	by d03av06.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP
	id r6HIUvxw027868
	for <qemu-devel@nongnu.org>; Wed, 17 Jul 2013 12:30:57 -0600
From: Anthony Liguori <aliguori@us.ibm.com>
In-Reply-To: <51E6D54B.7020700@redhat.com>
References: <1373840171-25556-1-git-send-email-rth@twiddle.net>
	<1373840171-25556-4-git-send-email-rth@twiddle.net>
	<8761w9wm50.fsf@blackfin.pond.sub.org>
	<51E67B7A.8000800@redhat.com> <8761w9gp88.fsf@codemonkey.ws>
	<51E6D54B.7020700@redhat.com>
Date: Wed, 17 Jul 2013 13:28:11 -0500
Message-ID: <87y595niro.fsf@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [Qemu-devel] [PULL 3/5] exec: Support 64-bit operations in
	address_space_rw
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>, Markus Armbruster <armbru@redhat.com>, Richard Henderson <rth@twiddle.net>

Paolo Bonzini <pbonzini@redhat.com> writes:

> Il 17/07/2013 17:50, Anthony Liguori ha scritto:
>> Paolo Bonzini <pbonzini@redhat.com> writes:
>> 
>>> Il 17/07/2013 11:50, Markus Armbruster ha scritto:
>>>> Richard Henderson <rth@twiddle.net> writes:
>>>>
>>>>> Honor the implementation maximum access size, and at least check
>>>>> the minimum access size.
>>>>>
>>>>> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
>>>>> Signed-off-by: Richard Henderson <rth@twiddle.net>
>>>>
>>>> Fails for me:
>>>>
>>>> qemu-system-x86_64: /work/armbru/qemu/exec.c:1927: memory_access_size: Assertion `l >= access_size_min' failed.
>>>
>>> This:
>>>
>>>     unsigned access_size_min = mr->ops->impl.min_access_size;
>>>     unsigned access_size_max = mr->ops->impl.max_access_size;
>>>
>>> must be respectively:
>>>
>>>     unsigned access_size_min = 1;
>>>     unsigned access_size_max = mr->ops->valid.max_access_size;
>>>
>>> access_size_min can be 1 because erroneous accesses must not crash 
>>> QEMU, they should trigger exceptions in the guest or just return 
>>> garbage (depending on the CPU).  I'm not sure I understand the comment, 
>>> placing a 4-byte field at the last byte of a region makes no sense 
>>> (unless impl.unaligned is true).
>>>
>>> access_size_max can be mr->ops->valid.max_access_size because memory.c 
>>> can and will still break accesses bigger than 
>>> mr->ops->impl.max_access_size.
>>>
>>> Markus, can you try the minimal patch above?  Or this one that also
>>> does the consequent simplifications.
>> 
>> FYI, the reproducer is very simple:
>> 
>> qemu-system-x86_64 -usb
>
> My patch works.

Yes, can you send a SoB and submit as a top level?

Right now uhci is completely broken.

Regards,

Anthony Liguori

>
> Paolo
>
>> Regards,
>> 
>> Anthony Liguori
>> 
>>>
>>> diff --git a/exec.c b/exec.c
>>> index c99a883..0904283 100644
>>> --- a/exec.c
>>> +++ b/exec.c
>>> @@ -1898,14 +1898,8 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
>>>  
>>>  static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
>>>  {
>>> -    unsigned access_size_min = mr->ops->impl.min_access_size;
>>> -    unsigned access_size_max = mr->ops->impl.max_access_size;
>>> +    unsigned access_size_max = mr->ops->valid.max_access_size;
>>>  
>>> -    /* Regions are assumed to support 1-4 byte accesses unless
>>> -       otherwise specified.  */
>>> -    if (access_size_min == 0) {
>>> -        access_size_min = 1;
>>> -    }
>>>      if (access_size_max == 0) {
>>>          access_size_max = 4;
>>>      }
>>> @@ -1922,9 +1916,6 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
>>>      if (l > access_size_max) {
>>>          l = access_size_max;
>>>      }
>>> -    /* ??? The users of this function are wrong, not supporting minimums larger
>>> -       than the remaining length.  C.f. memory.c:access_with_adjusted_size.  */
>>> -    assert(l >= access_size_min);
>>>  
>>>      return l;
>>>  }
>>>
>>> Paolo
>>